ASA product line

chrisv2005 — Mon, 11 Mar 2019 15:11:25 GMT

Just a quick question. As far as PIX and ASA technology, is there a reason why you cannot ping test the outside/public ASA with packet sizes over 1000 or 1500 bytes?

Yes, all ICMP echos and relpy commands are present and you can ping and get replys using nomral 32 byte packets.

The problem is when you ping the outside/public interface with packets larger than 1000 or 1500 byte packets. Is there some IPS or signature rule on ASA's or PIX with IOS version 7 or 8 , that prevent such large packets?

I have noticed on various sites that this is the case on all our PIX and ASA's. Just wondering if this is a common signature on Firewall technology to protect the network from outside attacks. Your help is much appreciated. Thanks

Re: ASA product line

chrisv2005 — Wed, 01 Apr 2009 17:12:04 GMT

Just wanted to update everyone on the solution.

ASA auditing has a signature "2151" that prohibits large packet sizes beyond 992 bytes.

The command to disable this signature is: ip audit signature 2151 disable

to re-enable: no ip audit signature 2151 disable

topic Re: ASA product line in Network Security

ASA product line

Re: ASA product line